CVE-2024-30406

MEDIUM
Published Apr 12, 2024 | Modified Jan 23, 2026 | CWE-313

Description

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO.

CVSS v3.1 Score

5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Weakness Type (CWE)

CWE-313

Affected Products

Vendor Product
juniper paragon_active_assurance_test_agent
juniper junos_os_evolved
juniper acx5448
juniper acx5448-d
juniper acx5448-m
juniper acx7020
juniper acx7024
juniper acx7024x
juniper acx710
juniper acx7100
juniper acx7300
juniper acx7509

References

Frequently Asked Questions

What is CVE-2024-30406?
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users' login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO. It has a CVSS v3.1 base score of 5.5 (MEDIUM).
How severe is CVE-2024-30406?
CVE-2024-30406 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-30406?
CVE-2024-30406 affects products from Juniper, specifically: acx5448, acx5448-d, acx5448-m, acx7020, acx7024, acx7024x, acx710, acx7100, acx7300, acx7509, junos_os_evolved, paragon_active_assurance_test_agent. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-30406?
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.
